@uploadista/server 0.0.3

package/dist/plugins-typing.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"plugins-typing.d.ts","sourceRoot":"","sources":["../src/plugins-typing.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,IAAI,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAC3D,OAAO,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,QAAQ,CAAC;AAC5C,OAAO,KAAK,CAAC,MAAM,KAAK,CAAC;AAEzB,MAAM,MAAM,iBAAiB,CAC3B,MAAM,SAAS,SAAS,KAAK,CAAC,KAAK,CAAC,GAAG,EAAE,KAAK,EAAE,KAAK,CAAC,EAAE,IACtD,MAAM,CAAC,MAAM,CAAC,SAAS,KAAK,CAAC,KAAK,CAAC,MAAM,OAAO,EAAE,KAAK,EAAE,KAAK,CAAC,GAC/D,OAAO,GACP,KAAK,CAAC;AAEV,MAAM,MAAM,WAAW,CACrB,MAAM,SAAS,CACb,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,MAAM,GAAG,IAAI,KACpB,MAAM,CAAC,MAAM,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,IAC3C,UAAU,CAAC,MAAM,CAAC,SAAS,MAAM,CAAC,MAAM,CAAC,MAAM,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,GACzE,OAAO,GACP,KAAK,CAAC;AAEV,MAAM,MAAM,kBAAkB,CAC5B,MAAM,SAAS,CACb,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,MAAM,GAAG,IAAI,KACpB,MAAM,CAAC,MAAM,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,IAC3C,WAAW,CAAC,MAAM,CAAC,SAAS,IAAI,CAClC,CAAC,CAAC,SAAS,CAAC,OAAO,CAAC,EACpB,CAAC,CAAC,SAAS,CAAC,OAAO,CAAC,EACpB,MAAM,CAAC,CACR,GACG,OAAO,CAAC,CAAC,EAAE,YAAY,CAAC,GACxB,KAAK,CAAC;AAEV,MAAM,MAAM,iBAAiB,CAC3B,MAAM,SAAS,CACb,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,MAAM,GAAG,IAAI,KACpB,MAAM,CAAC,MAAM,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,IAC3C,OAAO,CAAC,kBAAkB,CAAC,MAAM,CAAC,EAAE,YAAY,CAAC,CAAC;AAEtD,MAAM,MAAM,eAAe,CACzB,MAAM,SAAS,CACb,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,MAAM,GAAG,IAAI,KACpB,MAAM,CAAC,MAAM,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,EAE7C,QAAQ,SAAS,SAAS,KAAK,CAAC,KAAK,CAAC,GAAG,EAAE,KAAK,EAAE,KAAK,CAAC,EAAE,IACxD,OAAO,CACT,iBAAiB,CAAC,MAAM,CAAC,EACzB,iBAAiB,CAAC,QAAQ,CAAC,CAC5B,SAAS,KAAK,GACX,OAAO,GACP;IACE,gBAAgB,EAAE,OAAO,CACvB,iBAAiB,CAAC,MAAM,CAAC,EACzB,iBAAiB,CAAC,QAAQ,CAAC,CAC5B,CAAC;CACH,CAAC"}

package/dist/plugins-typing.js

@@ -0,0 +1 @@
+export {};

package/dist/service.d.ts

@@ -0,0 +1,63 @@
+import { Context, Effect, Layer } from "effect";
+import type { AuthContext } from "./types";
+declare const AuthContextService_base: Context.TagClass<AuthContextService, "AuthContextService", {
+    /**
+     * Get the current client ID from auth context.
+     * Returns null if no authentication context is available.
+     */
+    readonly getClientId: () => Effect.Effect<string | null>;
+    /**
+     * Get the current auth metadata.
+     * Returns empty object if no authentication context or no metadata.
+     */
+    readonly getMetadata: () => Effect.Effect<Record<string, unknown>>;
+    /**
+     * Check if the current client has a specific permission.
+     * Returns false if no authentication context or permission not found.
+     */
+    readonly hasPermission: (permission: string) => Effect.Effect<boolean>;
+    /**
+     * Get the full authentication context if available.
+     * Returns null if no authentication context is available.
+     */
+    readonly getAuthContext: () => Effect.Effect<AuthContext | null>;
+}>;
+/**
+ * Authentication Context Service
+ *
+ * Provides access to the current authentication context throughout
+ * the upload and flow processing pipeline. The service is provided
+ * via Effect Layer and can be accessed using Effect.service().
+ *
+ * @example
+ * ```typescript
+ * import { Effect } from "effect";
+ * import { AuthContextService } from "@uploadista/server";
+ *
+ * const uploadHandler = Effect.gen(function* () {
+ *   const authService = yield* AuthContextService;
+ *   const clientId = yield* authService.getClientId();
+ *   if (clientId) {
+ *     console.log(`Processing upload for client: ${clientId}`);
+ *   }
+ * });
+ * ```
+ */
+export declare class AuthContextService extends AuthContextService_base {
+}
+/**
+ * Creates an AuthContextService Layer from an AuthContext.
+ * This is typically called by adapters after successful authentication.
+ *
+ * @param authContext - The authentication context from middleware
+ * @returns Effect Layer providing AuthContextService
+ */
+export declare const AuthContextServiceLive: (authContext: AuthContext | null) => Layer.Layer<AuthContextService>;
+/**
+ * No-auth implementation of AuthContextService.
+ * Returns null/empty values for all operations.
+ * Used when no authentication middleware is configured (backward compatibility).
+ */
+export declare const NoAuthContextServiceLive: Layer.Layer<AuthContextService>;
+export {};
+//# sourceMappingURL=service.d.ts.map

package/dist/service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"service.d.ts","sourceRoot":"","sources":["../src/service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,QAAQ,CAAC;AAChD,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;;IA0BvC;;;OAGG;0BACmB,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,GAAG,IAAI,CAAC;IAExD;;;OAGG;0BACmB,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAElE;;;OAGG;4BACqB,CAAC,UAAU,EAAE,MAAM,KAAK,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC;IAEtE;;;OAGG;6BACsB,MAAM,MAAM,CAAC,MAAM,CAAC,WAAW,GAAG,IAAI,CAAC;;AA9CpE;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,qBAAa,kBAAmB,SAAQ,uBA2BrC;CAAG;AAEN;;;;;;GAMG;AACH,eAAO,MAAM,sBAAsB,GACjC,aAAa,WAAW,GAAG,IAAI,KAC9B,KAAK,CAAC,KAAK,CAAC,kBAAkB,CAO7B,CAAC;AAEL;;;;GAIG;AACH,eAAO,MAAM,wBAAwB,EAAE,KAAK,CAAC,KAAK,CAAC,kBAAkB,CACvC,CAAC"}

package/dist/service.js

@@ -0,0 +1,43 @@
+import { Context, Effect, Layer } from "effect";
+/**
+ * Authentication Context Service
+ *
+ * Provides access to the current authentication context throughout
+ * the upload and flow processing pipeline. The service is provided
+ * via Effect Layer and can be accessed using Effect.service().
+ *
+ * @example
+ * ```typescript
+ * import { Effect } from "effect";
+ * import { AuthContextService } from "@uploadista/server";
+ *
+ * const uploadHandler = Effect.gen(function* () {
+ *   const authService = yield* AuthContextService;
+ *   const clientId = yield* authService.getClientId();
+ *   if (clientId) {
+ *     console.log(`Processing upload for client: ${clientId}`);
+ *   }
+ * });
+ * ```
+ */
+export class AuthContextService extends Context.Tag("AuthContextService")() {
+}
+/**
+ * Creates an AuthContextService Layer from an AuthContext.
+ * This is typically called by adapters after successful authentication.
+ *
+ * @param authContext - The authentication context from middleware
+ * @returns Effect Layer providing AuthContextService
+ */
+export const AuthContextServiceLive = (authContext) => Layer.succeed(AuthContextService, {
+    getClientId: () => Effect.succeed(authContext?.clientId ?? null),
+    getMetadata: () => Effect.succeed(authContext?.metadata ?? {}),
+    hasPermission: (permission) => Effect.succeed(authContext?.permissions?.includes(permission) ?? false),
+    getAuthContext: () => Effect.succeed(authContext),
+});
+/**
+ * No-auth implementation of AuthContextService.
+ * Returns null/empty values for all operations.
+ * Used when no authentication middleware is configured (backward compatibility).
+ */
+export const NoAuthContextServiceLive = AuthContextServiceLive(null);

package/dist/service.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=service.test.d.ts.map

package/dist/service.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"service.test.d.ts","sourceRoot":"","sources":["../src/service.test.ts"],"names":[],"mappings":""}

package/dist/service.test.js

@@ -0,0 +1,195 @@
+import { Effect } from "effect";
+import { describe, expect, it } from "vitest";
+import { AuthContextService, AuthContextServiceLive, NoAuthContextServiceLive, } from "./service";
+describe("AuthContextService", () => {
+    describe("AuthContextServiceLive", () => {
+        it("should return userId when auth context is provided", async () => {
+            const authContext = {
+                clientId: "user-123",
+                metadata: { role: "admin" },
+                permissions: ["upload:create", "flow:execute"],
+            };
+            const layer = AuthContextServiceLive(authContext);
+            const program = Effect.gen(function* () {
+                const service = yield* AuthContextService;
+                return yield* service.getClientId();
+            });
+            const result = await Effect.runPromise(program.pipe(Effect.provide(layer)));
+            expect(result).toBe("user-123");
+        });
+        it("should return null when auth context is null", async () => {
+            const layer = AuthContextServiceLive(null);
+            const program = Effect.gen(function* () {
+                const service = yield* AuthContextService;
+                return yield* service.getClientId();
+            });
+            const result = await Effect.runPromise(program.pipe(Effect.provide(layer)));
+            expect(result).toBeNull();
+        });
+        it("should return metadata when auth context is provided", async () => {
+            const authContext = {
+                clientId: "user-123",
+                metadata: { role: "admin", tier: "premium" },
+                permissions: [],
+            };
+            const layer = AuthContextServiceLive(authContext);
+            const program = Effect.gen(function* () {
+                const service = yield* AuthContextService;
+                return yield* service.getMetadata();
+            });
+            const result = await Effect.runPromise(program.pipe(Effect.provide(layer)));
+            expect(result).toEqual({ role: "admin", tier: "premium" });
+        });
+        it("should return empty object when auth context has no metadata", async () => {
+            const authContext = {
+                clientId: "user-123",
+            };
+            const layer = AuthContextServiceLive(authContext);
+            const program = Effect.gen(function* () {
+                const service = yield* AuthContextService;
+                return yield* service.getMetadata();
+            });
+            const result = await Effect.runPromise(program.pipe(Effect.provide(layer)));
+            expect(result).toEqual({});
+        });
+        it("should return empty object when auth context is null", async () => {
+            const layer = AuthContextServiceLive(null);
+            const program = Effect.gen(function* () {
+                const service = yield* AuthContextService;
+                return yield* service.getMetadata();
+            });
+            const result = await Effect.runPromise(program.pipe(Effect.provide(layer)));
+            expect(result).toEqual({});
+        });
+        it("should return true for existing permission", async () => {
+            const authContext = {
+                clientId: "user-123",
+                permissions: ["upload:create", "flow:execute", "admin:read"],
+            };
+            const layer = AuthContextServiceLive(authContext);
+            const program = Effect.gen(function* () {
+                const service = yield* AuthContextService;
+                return yield* service.hasPermission("flow:execute");
+            });
+            const result = await Effect.runPromise(program.pipe(Effect.provide(layer)));
+            expect(result).toBe(true);
+        });
+        it("should return false for non-existing permission", async () => {
+            const authContext = {
+                clientId: "user-123",
+                permissions: ["upload:create", "flow:execute"],
+            };
+            const layer = AuthContextServiceLive(authContext);
+            const program = Effect.gen(function* () {
+                const service = yield* AuthContextService;
+                return yield* service.hasPermission("admin:write");
+            });
+            const result = await Effect.runPromise(program.pipe(Effect.provide(layer)));
+            expect(result).toBe(false);
+        });
+        it("should return false for permission check when no permissions array", async () => {
+            const authContext = {
+                clientId: "user-123",
+            };
+            const layer = AuthContextServiceLive(authContext);
+            const program = Effect.gen(function* () {
+                const service = yield* AuthContextService;
+                return yield* service.hasPermission("upload:create");
+            });
+            const result = await Effect.runPromise(program.pipe(Effect.provide(layer)));
+            expect(result).toBe(false);
+        });
+        it("should return false for permission check when auth context is null", async () => {
+            const layer = AuthContextServiceLive(null);
+            const program = Effect.gen(function* () {
+                const service = yield* AuthContextService;
+                return yield* service.hasPermission("upload:create");
+            });
+            const result = await Effect.runPromise(program.pipe(Effect.provide(layer)));
+            expect(result).toBe(false);
+        });
+        it("should return full auth context when provided", async () => {
+            const authContext = {
+                clientId: "user-123",
+                metadata: { role: "admin" },
+                permissions: ["upload:create"],
+            };
+            const layer = AuthContextServiceLive(authContext);
+            const program = Effect.gen(function* () {
+                const service = yield* AuthContextService;
+                return yield* service.getAuthContext();
+            });
+            const result = await Effect.runPromise(program.pipe(Effect.provide(layer)));
+            expect(result).toEqual(authContext);
+        });
+        it("should return null auth context when not provided", async () => {
+            const layer = AuthContextServiceLive(null);
+            const program = Effect.gen(function* () {
+                const service = yield* AuthContextService;
+                return yield* service.getAuthContext();
+            });
+            const result = await Effect.runPromise(program.pipe(Effect.provide(layer)));
+            expect(result).toBeNull();
+        });
+    });
+    describe("NoAuthContextServiceLive", () => {
+        it("should return null for getUserId", async () => {
+            const program = Effect.gen(function* () {
+                const service = yield* AuthContextService;
+                return yield* service.getClientId();
+            });
+            const result = await Effect.runPromise(program.pipe(Effect.provide(NoAuthContextServiceLive)));
+            expect(result).toBeNull();
+        });
+        it("should return empty object for getMetadata", async () => {
+            const program = Effect.gen(function* () {
+                const service = yield* AuthContextService;
+                return yield* service.getMetadata();
+            });
+            const result = await Effect.runPromise(program.pipe(Effect.provide(NoAuthContextServiceLive)));
+            expect(result).toEqual({});
+        });
+        it("should return false for any permission check", async () => {
+            const program = Effect.gen(function* () {
+                const service = yield* AuthContextService;
+                const result1 = yield* service.hasPermission("upload:create");
+                const result2 = yield* service.hasPermission("admin:write");
+                return { result1, result2 };
+            });
+            const result = await Effect.runPromise(program.pipe(Effect.provide(NoAuthContextServiceLive)));
+            expect(result.result1).toBe(false);
+            expect(result.result2).toBe(false);
+        });
+        it("should return null for getAuthContext", async () => {
+            const program = Effect.gen(function* () {
+                const service = yield* AuthContextService;
+                return yield* service.getAuthContext();
+            });
+            const result = await Effect.runPromise(program.pipe(Effect.provide(NoAuthContextServiceLive)));
+            expect(result).toBeNull();
+        });
+    });
+    describe("Effect Layer composition", () => {
+        it("should work in composed effect programs", async () => {
+            const authContext = {
+                clientId: "user-456",
+                metadata: { department: "engineering" },
+                permissions: ["flow:execute"],
+            };
+            const layer = AuthContextServiceLive(authContext);
+            const program = Effect.gen(function* () {
+                const service = yield* AuthContextService;
+                const clientId = yield* service.getClientId();
+                const metadata = yield* service.getMetadata();
+                const hasPermission = yield* service.hasPermission("flow:execute");
+                return { clientId, metadata, hasPermission };
+            });
+            const result = await Effect.runPromise(program.pipe(Effect.provide(layer)));
+            expect(result).toEqual({
+                clientId: "user-456",
+                metadata: { department: "engineering" },
+                hasPermission: true,
+            });
+        });
+    });
+});

package/dist/types.d.ts

@@ -0,0 +1,38 @@
+/**
+ * Authentication context containing user identity and authorization metadata.
+ * This context is extracted from authentication middleware and made available
+ * throughout the upload and flow processing pipeline via Effect Layer.
+ */
+export type AuthContext = {
+    /**
+     * Unique identifier for the authenticated user.
+     * This is typically extracted from JWT claims (sub), session data, or API key metadata.
+     */
+    clientId: string;
+    /**
+     * Optional metadata for authorization and tracking purposes.
+     * Can include rate limits, quotas, permissions, or custom application data.
+     *
+     * @example
+     * ```typescript
+     * {
+     *   permissions: ['upload:create', 'flow:execute'],
+     *   rateLimit: { requests: 1000, period: 3600 },
+     *   quota: { storage: 10737418240, used: 5368709120 }
+     * }
+     * ```
+     */
+    metadata?: Record<string, unknown>;
+    /**
+     * Optional list of permissions granted to the user.
+     * These can be used for fine-grained access control in the future.
+     */
+    permissions?: string[];
+};
+/**
+ * Result type for authentication middleware.
+ * - AuthContext: Successful authentication with user identity
+ * - null: Authentication failed or not authenticated
+ */
+export type AuthResult = AuthContext | null;
+//# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,MAAM,MAAM,WAAW,GAAG;IACxB;;;OAGG;IACH,QAAQ,EAAE,MAAM,CAAC;IAEjB;;;;;;;;;;;;OAYG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAEnC;;;OAGG;IACH,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;CACxB,CAAC;AAEF;;;;GAIG;AACH,MAAM,MAAM,UAAU,GAAG,WAAW,GAAG,IAAI,CAAC"}

package/dist/types.js

@@ -0,0 +1 @@
+export {};

package/package.json

@@ -0,0 +1,47 @@
+{
+  "name": "@uploadista/server",
+  "type": "module",
+  "version": "0.0.3",
+  "description": "Core Server package for Uploadista",
+  "license": "MIT",
+  "author": "Uploadista",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js",
+      "default": "./dist/index.js"
+    },
+    "./auth": {
+      "types": "./dist/auth/index.d.ts",
+      "import": "./dist/auth/index.js",
+      "default": "./dist/auth/index.js"
+    }
+  },
+  "dependencies": {
+    "effect": "3.18.4",
+    "zod": "4.1.12",
+    "@uploadista/core": "0.0.3"
+  },
+  "devDependencies": {
+    "@cloudflare/workers-types": "4.20251011.0",
+    "@types/express": "^5.0.0",
+    "@types/node": "24.8.1",
+    "typescript": "5.9.3",
+    "vitest": "3.2.4",
+    "@uploadista/typescript-config": "0.0.3"
+  },
+  "peerDependencies": {
+    "express": "^4.0.0 || ^5.0.0",
+    "hono": "^4.0.0"
+  },
+  "scripts": {
+    "build": "tsc -b",
+    "format": "biome format --write ./src",
+    "lint": "biome lint --write ./src",
+    "check": "biome check --write ./src",
+    "test": "vitest",
+    "test:run": "vitest run",
+    "test:watch": "vitest --watch",
+    "clean": "rimraf -rf dist && rimraf -rf .turbo && rimraf tsconfig.tsbuildinfo"
+  }
+}

package/src/auth/get-auth-credentials.ts

@@ -0,0 +1,97 @@
+/**
+ * Response type for authentication credential requests.
+ * - `isValid: true` with token and expiration
+ * - `isValid: false` with error message
+ *
+ * @example
+ * ```typescript
+ * const response = await getAuthCredentials({
+ *   uploadistaClientId: "my-client",
+ *   uploadistaApiKey: "sk_..."
+ * });
+ * if (response.isValid) {
+ *   console.log(`Token: ${response.data.token}`);
+ * } else {
+ *   console.error(`Auth failed: ${response.error}`);
+ * }
+ * ```
+ */
+export type AuthCredentialsResponse =
+  | {
+      isValid: true;
+      data: { token: string; expiresIn: number };
+    }
+  | {
+      isValid: false;
+      error: string;
+    };
+
+/**
+ * Retrieve JWT authentication credentials from the Uploadista server.
+ * This function exchanges client credentials (ID + API key) for a signed JWT token.
+ *
+ * The JWT token is then used in subsequent API requests via the Authorization header.
+ * Tokens are time-limited and should be refreshed before expiration.
+ *
+ * @param params - Credential exchange parameters
+ * @param params.uploadistaClientId - Your Uploadista client ID
+ * @param params.uploadistaApiKey - Your Uploadista API key (secret)
+ * @param params.baseUrl - Uploadista server base URL (default: https://api.uploadista.com)
+ * @returns Promise resolving to authentication response with token or error
+ *
+ * @example
+ * ```typescript
+ * import { getAuthCredentials } from "@uploadista/server";
+ *
+ * // Get JWT token for API requests
+ * const response = await getAuthCredentials({
+ *   uploadistaClientId: process.env.UPLOADISTA_CLIENT_ID,
+ *   uploadistaApiKey: process.env.UPLOADISTA_API_KEY,
+ * });
+ *
+ * if (response.isValid) {
+ *   // Use token in API requests
+ *   const headers = {
+ *     Authorization: `Bearer ${response.data.token}`,
+ *   };
+ *
+ *   // Token expires in response.data.expiresIn seconds
+ *   setTimeout(
+ *     () => {
+ *       // Refresh token before expiration
+ *     },
+ *     response.data.expiresIn * 1000,
+ *   );
+ * }
+ * ```
+ */
+export const getAuthCredentials = async ({
+  uploadistaClientId,
+  uploadistaApiKey,
+  baseUrl = "https://api.uploadista.com",
+}: {
+  uploadistaClientId: string;
+  uploadistaApiKey: string;
+  baseUrl?: string;
+}): Promise<AuthCredentialsResponse> => {
+  const response = await fetch(
+    `${baseUrl}/uploadista/auth/jwt?apiKey=${uploadistaApiKey}&clientId=${uploadistaClientId}`,
+    {
+      method: "GET",
+      headers: {
+        "Content-Type": "application/json",
+      },
+    },
+  );
+
+  if (response.ok !== true) {
+    return { isValid: false, error: "Failed to get auth credentials" };
+  }
+
+  const data = (await response.json()) as { token: string; expiresIn: number };
+
+  return {
+    isValid: true,
+    data,
+  };
+};

package/src/auth/index.ts

@@ -0,0 +1 @@
+export * from "./get-auth-credentials";